CVE-2023-2024
CRITICAL
OpenBlue Enterprise Manager Data Collector < 3.2.5.75 - Improper Authentication
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-2024. PoCs published by team890.
Description
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances.
Exploits (1)
References (2)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04
Scores
CVSS v3: 10.0
EPSS: 0.0109
EPSS Percentile: 60.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (1)
johnsoncontrols/openblue_enterprise_manager_data_collector: < 3.2.5.75
Published: May 18, 2023
Tracked Since: Feb 18, 2026